Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jr3151006
New Contributor

Users not authenticating - FSSO Agent shows no FG connected...

After restarting my DC, no users can navigate. The browser asks for credentials, but it doesn't matter which credentials are entered: you cannot navigate and the browser shows the following URL: "http://www.xyzblabla.com/fgtauth?00070d87a63aafa3". I restarted the FG to swap MASTER/SLAVE without success. I restarted the FSSO service on the DC without success. What can we do to debug this error and fix auth for navigation? Is there some log to check what happened? * Our FG cluster has the same date/time as the DC.
tks, Renato P
ehammett
New Contributor

I am having the exact same problem this morning. The FSSO service all of a sudden is not communicating with the FortiGate. Tried rebooting the DC and FortiGate with no success; nothing has changed. v4.0,build0441,110318 (MR3)
ehammett
New Contributor

Make sure you create an allow rule on the Windows firewall for port 8000 TCP; that fixed it for me. Not sure what changed besides Windows updates and a reboot of the DC.
jr3151006
New Contributor

ehammett, tks for the quick reply, but that isn't our case, since our DC is W2k3 and the 'Windows Firewall Service' is disabled. I also tried to connect through telnet, just to check whether TCP port 8000 was listening, and it worked fine!
tks, Renato P
lxzndr
New Contributor

We also began having similar issues in the past few days. Sometimes a refresh of the web page will work; other times it continues to show a Fortinet authentication login page. Seems to be very random. We also have been randomly receiving SSL certificate errors where it will swap in the Fortinet cert in the middle of a current SSL session. I do not have the Fortinet certs in my browser, and I have received it a couple of times today when I had already been browsing an SSL site for a few minutes. Our FortiGate 80C had been up for 63 days, and only just late last week did we start to see these problems. Our FSAE collector is also a 2k3 AD DC, and it appears to believe everything is fine, as does the 80C. About 28% memory usage, and CPU bounces from 1-25%.
jr3151006
New Contributor

Curious thing...
tks, Renato P
jr3151006
New Contributor

Just for information... After running the following command:

diagnose debug authd fsso list

it shows no users connected. After running the following command:

diagnose debug authd fsso server-status

it shows as connected.
tks, Renato P
jr3151006
New Contributor

Looking at the 'Log&Report\EventLog' menu we found:

Date Time 2011-09-13 00:58:42
Date 2011-09-13
Time 00:58:42
Level notice notice
Sub Type auth
ID 43013
Virtual Domain root
Src 192.168.6.45
Dst 65.54.81.106
Address Group User
Protocol 6
Policy ID 57
User Interface HTTP(192.168.6.45)
Action FSSO-auth
Status failure
Reason no_logon_info
Message AD group user failed in authentication
tks, Renato P
jr3151006
New Contributor

Can that problem be related to 'cluster' mode? Take a look: http://support.fortinet.com/forum/tm.asp?m=76445&appid=&p=&mpage=1&key=authentic&language=single&tmode=&smode=&s=#76445
tks, Renato P
lxzndr
New Contributor

We are not running in cluster mode. If I get a cert warning about the Fortinet cert, then I refresh a non-SSL page, I can then refresh the SSL page and I'm OK again for a while. Before the refresh of the non-SSL page, if I look at the FortiGate user monitor, I am not listed until the non-SSL refresh. Others are showing in the monitor with times over 15 minutes. How do I track down the issue here? And why would it have just started recently? The only change I am aware of is that our FSAE server (and DC) had its VM disk aligned last week, and may have moved to a new datastore. Everything had been running fine for several months with the same configuration.